There are several known technologies for online storing and sharing of data files. For example a service may provide server capacity, where registered users can transfer data files between their personal/work computer device and the server via internet for backup of data files, for sharing data files, for collaboration on data files, for synchronisation of data files etc. Some service providers use encryption methods when transferring files between the server and the computer device of the user.
The encrypted transfer of a file between the computer device and the server often uses a protocol like the Hypertext Transfer Protocol Secure (HTTPS) to encrypt the transfer of a data file from the computer device to the server. Hence, the server receives an encrypted file, but when received, the data file is decrypted and the data file is stored unencrypted. A person with administration privileges on the server will easily have access to the data file.
Some service providers also offer a system with the possibility of encrypting the data file before transferring the file to the server, and storing of the data file encrypted on the server. In order to share the data file, the encryption key must be stored together with the encrypted data file. Again, a person with administrator privileges may then access the file. Alternatively, no encryption key is stored on the server; however, no sharing of the data file is then possible.
Lately the market has seen a new generation of cloud services for file storage and sharing, hereafter called cloud storage services or merely cloud services. These cloud storage services for file storage and sharing is rapidly becoming very popular. Some of these new cloud storage services offer “secure” storage and sharing as an optional service. These systems may implement encryption as a security mechanism. Encryption key escrow is part of the service offering. An example of such offering is the product “Dropbox”, that offer services for storing, sharing and accessing photos, docs and other filetypes anywhere with emphasis on availability across platforms such as computers and phones. Main feature is the guarantee that none of the information ever will be lost. Other examples of products that offer similar cloud service are Google Drive, Microsoft Skydrive and Sharefile.
The problem with these cloud storage services is that either the user must entrust the cloud storage services with their unsecured files, or they need to trust the key escrow features of the cloud storage services. This is a big problem since the file owner must rely on confidentiality of a 3.rd party.
One object of the present invention is to provide a method and system for secure storing of a data file via a cloud service, which in the case when the web browser version is in use can be used even if the user does not have administrator privileges on his computer and without the need for installation of a separate application. Moreover, one object is to provide that the data files are kept continuously encrypted from the time when the data file is leaving the computer device of the user and to the time when the same or another computer device is receiving the data file from the cloud service. In this way it is avoided that a person with administration privileges has access or can get access to the unencrypted data file. Moreover, if a person without privileges breaks into the cloud service, he/she will not get access to the unencrypted content of the data files as well.
Further there is an object of the present invention to provide a watertight system for key generation and management, where only the person authorised to decrypt the data files have access to the data file encryption keys.
Another object is to provide a method and system where the user can give access to the data file to other users.
It is also an object of the invention to provide a method and system that is equally adaptable to any type of user computer, and to any type of cloud data storage services.